
eating up of space


  • This topic is locked
12 replies to this topic

#1 amannoying

amannoying


Posted 17 May 2016 - 04:56 AM

Hello,

I am new to this world, so kindly excuse my lack of information.

I've got 2 files (BrowserHelper & BrowserHelperbk) in my C drive eating up 160 GB of space.

I'm not able to delete them, as it says these two files are open in update helper.

I've attached a link to an image of my problem; kindly go through it and recommend me the solution.

Regards

URL: http://postimg.org/image/o3hpkhuhd/




 


#2 satchfan

satchfan

  • Malware Response Team

Posted 17 May 2016 - 05:12 AM

Hello amannoying and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please complete these tasks in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Please download Malwarebytes Anti-Malware to your desktop.

  • double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program
  • at the end, be sure a checkmark is placed next to the following
    • Launch Malwarebytes Anti-Malware
    • a 14 day trial of the Premium features is pre-selected: deselect this if you don’t want it (it won’t diminish the scanning and removal capabilities of the program).
  • click Finish.
  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes
  • after the restart, once you are back at your desktop, open MBAM once more
  • click on the “History” tab, then “Application Logs”
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

Logs to include with the next post:

AdwCleaner log
JRT.txt
Mbam.txt


Thanks

Satchfan

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 amannoying

amannoying
  • Topic Starter

Posted 18 May 2016 - 04:04 AM

Thank you for the fast response, here are the results:
 
 
 
# AdwCleaner v5.117 - Logfile created 17/05/2016 at 20:08:19
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : vijay - VIJAY-PC
# Running from : C:\Users\vijay\Desktop\adwcleaner_5.117.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : DistromaticUpdater-periodic
[-] Task Deleted : DistromaticSearchProtect-hourly
[-] Task Deleted : DistromaticUpdater-logon
[-] Task Deleted : SPBIW_UpdateTask_Time_333436393432303037392d3437415a556c2a3223346c41
[-] Task Deleted : SPBIW_UpdateTask_Time_333436393432303037392d344a414155342a2a236c6c5a
[-] Task Deleted : SPBIW_UpdateTask_Time_333436393432303037392d344a414155342a2a236c6c5a
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro3.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key Deleted : HKCU\Software\fa255cc5e4d8a54c903e1c7137c3c2b2
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKCU\Software\distromatic
[-] Key Deleted : HKCU\Software\YTDownloader
[-] Key Deleted : HKLM\SOFTWARE\ShopperPro3
[-] Key Deleted : HKLM\SOFTWARE\YTDownloader
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Assistant
[-] Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro3
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\televisionfanatic.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[-] Value Deleted : HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SPDriver]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[#] Value Deleted : HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\Software\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[-] Value Deleted : HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [YTDownloader]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1108 bytes] - [17/05/2016 20:05:11]
C:\AdwCleaner\AdwCleaner[C2].txt - [5177 bytes] - [17/05/2016 20:08:19]
C:\AdwCleaner\AdwCleaner[S6].txt - [5486 bytes] - [17/05/2016 20:02:51]
C:\AdwCleaner\AdwCleaner[S7].txt - [5288 bytes] - [17/05/2016 20:05:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [5396 bytes] ##########
 
 
 
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x64 
Ran by vijay (Administrator) on Tue 05/17/2016 at 20:25:17.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\Users\vijay\AppData\Local\installer (Folder) 
Successfully deleted: C:\WINDOWS\prefetch\TREESIZEFREE.EXE-33AF8574.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\TREESIZEFREESETUP.EXE-468AD169.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\TREESIZEFREESETUP.TMP-71EE664D.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\TREESIZEFREESETUP.TMP-FF294B8D.pf (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/17/2016 at 20:27:05.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/18/2016
Scan Time: 2:32 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 0.0.0.0000
Malware Database: v2016.05.18.03
Rootkit Database: v2016.05.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: vijay
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341640
Time Elapsed: 10 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
 
 
 


#4 satchfan

satchfan

  • Malware Response Team

Posted 18 May 2016 - 04:18 AM

thank you for the fast response

 

I can't guarantee that will always happen because of the time difference (I'm in the UK and it's 10:15 am here), but I'll do my best.

 

 

That cleared up some mess. Let’s have another look and see what else may be lurking.

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

Frst.txt
Addition.txt


Thanks

Satchfan




#5 amannoying

amannoying
  • Topic Starter

Posted 19 May 2016 - 10:39 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-05-2016
Ran by vijay (administrator) on VIJAY-PC (19-05-2016 21:05:25)
Running from C:\Users\vijay\Desktop
Loaded Profiles: vijay (Available Profiles: vijay & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Quick Heal Technologies Ltd.) E:\antivirus\SCSECSVC.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() E:\antivirus\BSSISS.EXE
(Quick Heal Technologies Ltd.) E:\antivirus\SAPISSVC.EXE
(Quick Heal Technologies Ltd.) E:\antivirus\OPSSVC.EXE
(Quick Heal Technologies Ltd.) E:\antivirus\BDSSVC.EXE
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Quick Heal Technologies Ltd.) E:\antivirus\EMLPROXY.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Quick Heal Technologies Ltd.) E:\antivirus\REPRSVC.EXE
(Quick Heal Technologies Ltd.) E:\antivirus\QUHLPSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\ProgramData\TATA DOCOMO 3G\OnlineUpdate\ouc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Windows\DAODx.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Quick Heal Technologies Ltd.) E:\antivirus\ONLINENT.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BitTorrent Inc.) C:\Users\vijay\AppData\Roaming\BitTorrent\BitTorrent.exe
(Valve Corporation) D:\steam\Steam.exe
(BitTorrent Inc.) C:\Users\vijay\AppData\Roaming\BitTorrent\updates\7.9.6_42095\utorrentie.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\vijay\AppData\Roaming\BitTorrent\updates\7.9.6_42095\utorrentie.exe
(Valve Corporation) D:\steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Valve Corporation) D:\steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Quick Heal Core UI] => E:\antivirus\strtupap.exe [216752 2015-12-09] (Quick Heal Technologies Ltd.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\...\Run: [BitTorrent] => C:\Users\vijay\AppData\Roaming\BitTorrent\BitTorrent.exe [1963016 2016-04-07] (BitTorrent Inc.)
HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\...\Run: [Steam] => D:\steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
Lsa: [Notification Packages] scecli C:\WINDOWS\system32\ScSecAuth.Dll
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1a7773b8-64ed-4547-b3fa-ee2af6a5b8f1}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_fefd116b_1201_1403_20160409_IN_ie_sp_
SearchScopes: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_fefd116b_1201_1403_20160409_IN_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.co.in/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUM_enIN669
SearchScopes: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_fefd116b_1201_1403_20160409_IN_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-09] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-09] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\vijay\AppData\Roaming\Mozilla\Firefox\Profiles\8x57h8qy.default-1448027489776
FF Homepage: hxxps://www.google.com
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\vijay\AppData\Roaming\Mozilla\Firefox\Profiles\8x57h8qy.default-1448027489776\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [not found]
FF Extension: ZenMate Security, Privacy & Unblock VPN - C:\Users\vijay\AppData\Roaming\Mozilla\Firefox\Profiles\8x57h8qy.default-1448027489776\Extensions\firefox@zenmate.com.xpi [2016-01-17]
FF Extension: uMatrix - C:\Users\vijay\AppData\Roaming\Mozilla\Firefox\Profiles\8x57h8qy.default-1448027489776\Extensions\uMatrix@raymondhill.net.xpi [2016-01-17]
FF Extension: Adblock Plus - C:\Users\vijay\AppData\Roaming\Mozilla\Firefox\Profiles\8x57h8qy.default-1448027489776\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-10]
 
Chrome: 
=======
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR DefaultSearchURL: Default -> hxxps://www.amazon.com/websearch/?ie=UTF8__PARAM__&query={searchTerms}
CHR DefaultSearchKeyword: Default -> amazon
CHR Profile: C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-15]
CHR Extension: (Google Docs) - C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-15]
CHR Extension: (Google Drive) - C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (YouTube) - C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-15]
CHR Extension: (Google Sheets) - C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (UltraSurf Security, Privacy & Unblock VPN) - C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjnbclmflcpookeapghfhapeffmpodij [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Amazon Smart Search) - C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebgdicanjhnamfmdlmlbcnkgehkkmf [2016-04-09]
CHR Extension: (Gmail) - C:\Users\vijay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-15]
CHR HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 Behavior Detection System; E:\antivirus\bdssvc.exe [38040 2015-12-16] (Quick Heal Technologies Ltd.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
R2 Core Mail Protection; E:\antivirus\EMLPROXY.EXE [63152 2015-12-09] (Quick Heal Technologies Ltd.)
R2 Core Scanning Server; E:\antivirus\SAPISSVC.EXE [277144 2015-12-24] (Quick Heal Technologies Ltd.)
S3 Core Scanning ServerEx; E:\antivirus\SAPISSVC.EXE [277144 2015-12-24] (Quick Heal Technologies Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
R2 Online Protection System; E:\antivirus\opssvc.exe [67224 2015-12-24] (Quick Heal Technologies Ltd.)
R2 Quick Update Service; E:\antivirus\quhlpsvc.exe [166576 2015-12-09] (Quick Heal Technologies Ltd.)
R2 RepairService; E:\antivirus\reprsvc.exe [42160 2015-12-09] (Quick Heal Technologies Ltd.)
S2 ScanWscS; E:\antivirus\SCANWSCS.EXE [357024 2016-01-19] (Quick Heal Technologies Ltd.)
R2 ScSecSvc; E:\antivirus\ScSecSvc.exe [638104 2016-02-08] (Quick Heal Technologies Ltd.)
S2 TATA DOCOMO 3G. RunOuc; C:\Program Files (x86)\TATA DOCOMO 3G\UpdateDog\ouc.exe [240640 2016-02-19] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 atkldrvr; C:\Windows\System32\DRIVERS\atkldrvr.sys [46960 2016-04-12] (Quick Heal Technologies Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [336408 2016-04-26] (Quick Heal Technologies Ltd.)
R2 bdsnm; C:\Windows\system32\DRIVERS\bdsnm.sys [40280 2016-01-19] (Quick Heal Technologies Ltd.)
R3 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [89184 2016-04-12] (Quick Heal Technologies Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [173656 2016-04-27] (Quick Heal Technologies Ltd.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 elamdrv; C:\Windows\System32\DRIVERS\elamdrv.sys [37536 2016-01-25] (Quick Heal Technologies Ltd.)
R2 emlssx; C:\Windows\system32\DRIVERS\emlssx.sys [39792 2016-04-12] (Quick Heal Technologies Ltd.)
S4 ggc; C:\Windows\System32\DRIVERS\ggc.sys [91792 2016-04-12] (Quick Heal Technologies Ltd.)
R3 kbfltr; C:\Windows\system32\DRIVERS\kbfltr.sys [28968 2016-04-20] (Quick Heal Technologies Ltd.)
S3 llio; C:\WINDOWS\system32\DRIVERS\llio.sys [79944 2016-04-12] (Quick Heal Technologies Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [52152 2016-04-12] (Quick Heal Technologies Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R0 webssx; C:\Windows\System32\drivers\webssx8.sys [91280 2016-03-25] (Quick Heal Technologies Ltd.)
R2 WinFLdrv; C:\Windows\SysWow64\WinFLdrv.sys [21888 2015-11-20] ()
U3 idsvc; no ImagePath
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-19 21:05 - 2016-05-19 21:05 - 00020198 _____ C:\Users\vijay\Desktop\FRST.txt
2016-05-19 21:04 - 2016-05-19 21:05 - 00000000 ____D C:\FRST
2016-05-19 21:03 - 2016-05-19 21:04 - 02382336 _____ (Farbar) C:\Users\vijay\Desktop\FRST64.exe
2016-05-19 20:55 - 2016-05-19 20:55 - 00000000 ___HD C:\Users\vijay\ScStore
2016-05-18 14:34 - 2016-05-18 14:34 - 00001038 _____ C:\Users\vijay\Desktop\mbam.txt
2016-05-18 14:18 - 2016-05-19 20:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-18 14:18 - 2016-05-18 14:18 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-18 14:18 - 2016-05-18 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-18 14:18 - 2016-05-18 14:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-18 14:18 - 2016-05-18 14:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-18 14:18 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-18 14:18 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-18 14:18 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-18 14:14 - 2016-05-18 14:17 - 22851472 _____ (Malwarebytes ) C:\Users\vijay\Desktop\mbam-setup-2.2.1.1043 (1).exe
2016-05-17 20:27 - 2016-05-17 20:27 - 00000961 _____ C:\Users\vijay\Desktop\JRT.txt
2016-05-17 20:23 - 2016-05-17 20:23 - 00005479 _____ C:\Users\vijay\Desktop\AdwCleaner[C2].txt
2016-05-17 20:03 - 2016-05-17 20:04 - 01610816 _____ (Malwarebytes) C:\Users\vijay\Desktop\JRT.exe
2016-05-17 19:01 - 2016-05-17 19:01 - 00000000 _____ C:\Users\vijay\Desktop\adwcleaner_5.117 (1).exe
2016-05-17 18:53 - 2016-05-17 20:08 - 00000000 ____D C:\AdwCleaner
2016-05-17 18:52 - 2016-05-17 18:53 - 03651136 _____ C:\Users\vijay\Desktop\adwcleaner_5.117.exe
2016-05-17 12:17 - 2016-05-17 12:17 - 00006305 _____ C:\WINDOWS\regact.dat
2016-05-17 11:14 - 2016-05-17 19:15 - 00000320 _____ C:\WINDOWS\Tasks\Quick Heal AntiMalware Scan.job
2016-05-17 11:14 - 2016-04-12 15:34 - 00079944 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\Drivers\llio.sys
2016-05-17 11:14 - 2016-04-12 15:34 - 00052152 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\Drivers\mscank.sys
2016-05-17 11:13 - 2016-05-17 19:13 - 00000296 _____ C:\WINDOWS\Tasks\Resume Quickup Download.job
2016-05-17 11:13 - 2016-05-17 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Heal Total Security
2016-05-17 11:13 - 2016-05-17 11:13 - 00003368 _____ C:\WINDOWS\System32\Tasks\Resume Quickup Download
2016-05-17 11:13 - 2016-05-17 11:13 - 00000586 _____ C:\Users\Public\Desktop\Quick Heal Safe Banking.lnk
2016-05-17 11:13 - 2016-05-17 11:13 - 00000581 _____ C:\Users\Public\Desktop\Quick Heal Secure Browse.lnk
2016-05-17 11:13 - 2016-04-26 20:32 - 00336408 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\Drivers\bdsflt.sys
2016-05-17 11:13 - 2016-04-12 15:34 - 00067072 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\Drivers\wsfilter.sys
2016-05-17 11:13 - 2016-04-12 15:34 - 00039792 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\Drivers\emlssx.sys
2016-05-17 11:13 - 2016-03-25 14:38 - 00091280 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\Drivers\webssx8.sys
2016-05-17 11:13 - 2016-03-14 16:36 - 00485976 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\ScDetour.Dll
2016-05-17 11:13 - 2016-03-09 09:25 - 00405120 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\SysWOW64\ScDetour.Dll
2016-05-17 11:13 - 2016-01-21 20:57 - 00131712 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\atklshld64.dll
2016-05-17 11:13 - 2016-01-21 20:57 - 00115840 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\SysWOW64\atklshld32.dll
2016-05-17 11:13 - 2016-01-21 20:55 - 00310400 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\ScSandboxApi.dll
2016-05-17 11:13 - 2016-01-21 20:55 - 00255616 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\SysWOW64\ScSandboxApi.dll
2016-05-17 11:13 - 2016-01-21 20:55 - 00224384 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\ScSecAuth.Dll
2016-05-17 11:13 - 2016-01-19 09:49 - 00040280 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\Drivers\bdsnm.sys
2016-05-17 11:12 - 2016-05-17 11:13 - 00000000 ____D C:\Program Files\Common Files\Quick Heal
2016-05-17 11:03 - 2016-05-17 20:09 - 00000000 ____D C:\WINDOWS\system32\gprodat
2016-05-17 11:03 - 2016-04-12 15:34 - 00091792 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\Drivers\ggc.sys
2016-05-17 10:59 - 2016-05-17 10:59 - 00000075 _____ C:\Users\vijay\Desktop\Product Key.txt
2016-05-17 10:53 - 2016-05-17 10:53 - 00000199 _____ C:\Users\vijay\Desktop\Dota 2.url
2016-05-17 10:42 - 2016-05-17 10:42 - 00579624 _____ (Quick Heal Technologies Pvt. Ltd.) C:\Users\vijay\Downloads\QHTSFT.EXE
2016-05-17 10:33 - 2016-05-17 10:33 - 00000558 _____ C:\Users\Public\Desktop\Steam.lnk
2016-05-17 10:31 - 2016-05-17 10:32 - 01380712 _____ C:\Users\vijay\Downloads\SteamSetup.exe
2016-05-16 17:45 - 2016-05-16 17:45 - 00000770 _____ C:\Users\vijay\Desktop\TreeSize Free.lnk
2016-05-16 17:45 - 2016-05-16 17:45 - 00000000 ____D C:\Users\vijay\AppData\Roaming\JAM Software
2016-05-16 17:45 - 2016-05-16 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2016-05-16 17:40 - 2016-05-16 17:42 - 05963008 _____ (JAM Software ) C:\Users\vijay\Downloads\TreeSizeFreeSetup.exe
2016-05-15 08:51 - 2016-05-19 20:57 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A2532E22-ADD6-493C-B604-BDC56A27982F}
2016-05-15 08:36 - 2016-05-17 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANSYS 14.5
2016-05-15 08:36 - 2016-05-15 08:36 - 00000000 ____D C:\Users\vijay\AppData\Local\Ansys
2016-05-13 17:45 - 2016-05-13 17:45 - 00000000 ____D C:\Users\vijay\AppData\Roaming\Ansys
2016-05-11 17:12 - 2016-04-23 10:01 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 17:12 - 2016-04-23 10:00 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 17:12 - 2016-04-23 09:58 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 17:12 - 2016-04-23 09:56 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 17:12 - 2016-04-23 09:55 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 17:12 - 2016-04-23 09:52 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 17:12 - 2016-04-23 09:49 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 17:12 - 2016-04-23 09:49 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 17:12 - 2016-04-23 09:49 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 17:12 - 2016-04-23 09:49 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 17:12 - 2016-04-23 09:48 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 17:12 - 2016-04-23 09:48 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 17:12 - 2016-04-23 09:48 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 17:12 - 2016-04-23 09:48 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 17:12 - 2016-04-23 09:46 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 17:12 - 2016-04-23 09:45 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 17:12 - 2016-04-23 09:45 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 17:12 - 2016-04-23 09:44 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 17:12 - 2016-04-23 09:43 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 17:12 - 2016-04-23 09:43 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 17:12 - 2016-04-23 09:39 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 17:12 - 2016-04-23 09:38 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 17:12 - 2016-04-23 09:37 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 17:11 - 2016-04-23 10:58 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 17:11 - 2016-04-23 10:54 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 17:11 - 2016-04-23 10:54 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 17:11 - 2016-04-23 10:40 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 17:11 - 2016-04-23 10:40 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 17:11 - 2016-04-23 10:39 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 17:11 - 2016-04-23 10:39 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 17:11 - 2016-04-23 10:39 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 17:11 - 2016-04-23 10:38 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 17:11 - 2016-04-23 09:53 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 17:11 - 2016-04-23 09:52 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 17:11 - 2016-04-23 09:50 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 17:11 - 2016-04-23 09:50 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 17:11 - 2016-04-23 09:49 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 17:11 - 2016-04-23 09:48 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 17:11 - 2016-04-23 09:45 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 17:11 - 2016-04-23 09:44 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 17:11 - 2016-04-23 09:40 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 17:11 - 2016-04-23 09:38 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 17:11 - 2016-04-23 09:36 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 17:11 - 2016-04-23 09:35 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 17:11 - 2016-04-23 09:33 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 17:11 - 2016-04-23 09:33 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 17:11 - 2016-04-23 09:32 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 17:10 - 2016-05-06 10:23 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 17:10 - 2016-04-30 12:12 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 17:10 - 2016-04-30 12:01 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 17:10 - 2016-04-23 11:42 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 17:10 - 2016-04-23 11:42 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 17:10 - 2016-04-23 11:42 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 17:10 - 2016-04-23 11:42 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 17:10 - 2016-04-23 11:42 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 17:10 - 2016-04-23 11:42 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 17:10 - 2016-04-23 11:42 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 17:10 - 2016-04-23 10:58 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 17:10 - 2016-04-23 10:54 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 17:10 - 2016-04-23 10:54 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 17:10 - 2016-04-23 10:52 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 17:10 - 2016-04-23 10:42 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 17:10 - 2016-04-23 10:42 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 17:10 - 2016-04-23 10:42 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 17:10 - 2016-04-23 10:41 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 17:10 - 2016-04-23 10:41 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 17:10 - 2016-04-23 10:40 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 17:10 - 2016-04-23 10:39 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 17:10 - 2016-04-23 10:39 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 17:10 - 2016-04-23 10:39 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 17:10 - 2016-04-23 10:39 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 17:10 - 2016-04-23 10:38 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 17:10 - 2016-04-23 10:38 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 17:10 - 2016-04-23 10:37 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 17:10 - 2016-04-23 10:37 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 17:10 - 2016-04-23 10:32 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 17:10 - 2016-04-23 10:31 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 17:10 - 2016-04-23 10:31 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 17:10 - 2016-04-23 10:31 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 17:10 - 2016-04-23 10:31 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 17:10 - 2016-04-23 10:31 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 17:10 - 2016-04-23 10:31 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 17:10 - 2016-04-23 10:31 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 17:10 - 2016-04-23 10:30 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 17:10 - 2016-04-23 10:30 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 17:10 - 2016-04-23 10:30 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 17:10 - 2016-04-23 10:30 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 17:10 - 2016-04-23 10:30 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 17:10 - 2016-04-23 10:26 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 17:10 - 2016-04-23 10:09 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 17:10 - 2016-04-23 10:02 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 17:10 - 2016-04-23 10:01 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 17:10 - 2016-04-23 10:00 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 17:10 - 2016-04-23 09:59 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 17:10 - 2016-04-23 09:56 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 17:10 - 2016-04-23 09:55 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 17:10 - 2016-04-23 09:55 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 17:10 - 2016-04-23 09:54 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 17:10 - 2016-04-23 09:54 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 17:10 - 2016-04-23 09:54 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 17:10 - 2016-04-23 09:54 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 17:10 - 2016-04-23 09:51 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 17:10 - 2016-04-23 09:51 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 17:10 - 2016-04-23 09:50 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 17:10 - 2016-04-23 09:50 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 17:10 - 2016-04-23 09:50 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 17:10 - 2016-04-23 09:50 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 17:10 - 2016-04-23 09:50 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 17:10 - 2016-04-23 09:48 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 17:10 - 2016-04-23 09:48 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 17:10 - 2016-04-23 09:48 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 17:10 - 2016-04-23 09:48 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 17:10 - 2016-04-23 09:48 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 17:10 - 2016-04-23 09:48 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 17:10 - 2016-04-23 09:47 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 17:10 - 2016-04-23 09:47 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 17:10 - 2016-04-23 09:47 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 17:10 - 2016-04-23 09:46 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 17:10 - 2016-04-23 09:46 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 17:10 - 2016-04-23 09:45 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 17:10 - 2016-04-23 09:45 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 17:10 - 2016-04-23 09:45 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 17:10 - 2016-04-23 09:44 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 17:10 - 2016-04-23 09:44 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 17:10 - 2016-04-23 09:44 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 17:10 - 2016-04-23 09:44 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 17:10 - 2016-04-23 09:44 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 17:10 - 2016-04-23 09:44 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 17:10 - 2016-04-23 09:43 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 17:10 - 2016-04-23 09:43 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 17:10 - 2016-04-23 09:43 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 17:10 - 2016-04-23 09:42 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 17:10 - 2016-04-23 09:40 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 17:10 - 2016-04-23 09:39 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 17:10 - 2016-04-23 09:37 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 17:10 - 2016-04-23 09:37 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 17:10 - 2016-04-23 09:35 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 17:10 - 2016-04-23 09:35 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 17:10 - 2016-04-23 09:35 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 17:10 - 2016-04-23 09:35 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 17:10 - 2016-04-23 09:35 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 17:10 - 2016-04-23 09:34 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 17:10 - 2016-04-23 09:34 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 17:10 - 2016-04-23 09:33 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 17:10 - 2016-04-23 09:33 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 17:10 - 2016-04-23 09:33 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 17:10 - 2016-04-23 09:33 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 17:10 - 2016-04-23 09:32 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 17:10 - 2016-04-23 09:31 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 17:10 - 2016-04-23 09:30 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 17:10 - 2016-04-23 09:30 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 17:10 - 2016-04-23 07:40 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 17:09 - 2016-05-06 09:35 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 17:09 - 2016-05-06 09:33 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 17:09 - 2016-05-06 09:23 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 17:09 - 2016-05-06 09:19 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 17:09 - 2016-05-06 09:14 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 17:09 - 2016-05-06 09:13 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 17:09 - 2016-05-06 08:53 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 17:09 - 2016-04-23 11:42 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 17:09 - 2016-04-23 10:56 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 17:09 - 2016-04-23 10:54 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 17:09 - 2016-04-23 10:54 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 17:09 - 2016-04-23 10:54 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 17:09 - 2016-04-23 10:48 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 17:09 - 2016-04-23 10:43 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 17:09 - 2016-04-23 10:43 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 17:09 - 2016-04-23 10:43 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 17:09 - 2016-04-23 10:41 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 17:09 - 2016-04-23 10:41 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 17:09 - 2016-04-23 10:41 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 17:09 - 2016-04-23 10:41 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 17:09 - 2016-04-23 10:39 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 17:09 - 2016-04-23 10:39 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 17:09 - 2016-04-23 10:37 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 17:09 - 2016-04-23 10:37 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 17:09 - 2016-04-23 10:36 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 17:09 - 2016-04-23 10:31 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 17:09 - 2016-04-23 10:30 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 17:09 - 2016-04-23 10:30 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 17:09 - 2016-04-23 10:30 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 17:09 - 2016-04-23 10:30 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 17:09 - 2016-04-23 10:05 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 17:09 - 2016-04-23 10:04 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 17:09 - 2016-04-23 10:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 17:09 - 2016-04-23 10:04 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 17:09 - 2016-04-23 10:03 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 17:09 - 2016-04-23 10:03 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 17:09 - 2016-04-23 10:03 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 17:09 - 2016-04-23 10:03 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 17:09 - 2016-04-23 10:02 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 17:09 - 2016-04-23 10:02 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 17:09 - 2016-04-23 10:00 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 17:09 - 2016-04-23 09:59 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 17:09 - 2016-04-23 09:59 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 17:09 - 2016-04-23 09:59 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 17:09 - 2016-04-23 09:59 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 17:09 - 2016-04-23 09:59 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 17:09 - 2016-04-23 09:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 17:09 - 2016-04-23 09:59 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 17:09 - 2016-04-23 09:58 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 17:09 - 2016-04-23 09:58 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 17:09 - 2016-04-23 09:58 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 17:09 - 2016-04-23 09:58 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 17:09 - 2016-04-23 09:58 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 17:09 - 2016-04-23 09:57 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 17:09 - 2016-04-23 09:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 17:09 - 2016-04-23 09:56 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 17:09 - 2016-04-23 09:55 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 17:09 - 2016-04-23 09:55 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 17:09 - 2016-04-23 09:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 17:09 - 2016-04-23 09:54 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 17:09 - 2016-04-23 09:54 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 17:09 - 2016-04-23 09:53 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 17:09 - 2016-04-23 09:53 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 17:09 - 2016-04-23 09:53 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 17:09 - 2016-04-23 09:53 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 17:09 - 2016-04-23 09:52 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 17:09 - 2016-04-23 09:50 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 17:09 - 2016-04-23 09:49 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 17:09 - 2016-04-23 09:49 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 17:09 - 2016-04-23 09:48 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 17:09 - 2016-04-23 09:48 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 17:09 - 2016-04-23 09:47 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 17:09 - 2016-04-23 09:45 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 17:09 - 2016-04-23 09:37 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 17:09 - 2016-04-23 09:35 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 17:09 - 2016-04-23 09:35 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 17:09 - 2016-04-23 09:33 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 17:09 - 2016-04-23 09:15 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 17:08 - 2016-04-23 07:40 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 17:08 - 2016-04-19 04:00 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-11 13:19 - 2016-05-19 20:55 - 00000000 ____D C:\Users\vijay\AppData\LocalLow\BitTorrent
2016-05-06 17:05 - 2016-05-06 17:05 - 00000856 _____ C:\Users\vijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gta_sa.lnk
2016-05-06 17:05 - 2016-05-06 17:05 - 00000000 ____D C:\Users\vijay\Documents\GTA3 User Files
2016-05-06 17:04 - 2016-05-06 19:57 - 00000000 ____D C:\Users\vijay\Documents\NFS Most Wanted
2016-05-06 17:02 - 2016-05-06 17:13 - 00000000 ____D C:\Users\vijay\Documents\GTA Vice City User Files
2016-05-06 16:43 - 2016-05-06 16:45 - 00000000 ____D C:\Users\vijay\Documents\GTA San Andreas User Files
2016-05-05 10:41 - 2016-05-05 10:41 - 00003217 _____ C:\Users\vijay\Downloads\[kat.cr]the.flash.2014.s02e20.hdtv.x264.lol.ettv.torrent
2016-04-30 19:31 - 2016-04-30 19:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-04-29 20:36 - 2016-04-29 20:51 - 23315669 _____ C:\Users\vijay\Downloads\dota-2 (1).deskthemepack
2016-04-29 20:34 - 2016-04-29 20:36 - 00437566 _____ C:\Users\vijay\Downloads\dota-2.deskthemepack
2016-04-28 20:09 - 2016-04-28 20:09 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-04-28 20:09 - 2016-04-28 20:09 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-04-28 20:09 - 2016-04-28 20:09 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-04-28 20:09 - 2016-04-28 20:09 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-04-28 20:09 - 2016-04-28 20:09 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-04-28 20:09 - 2016-04-28 20:09 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-28 20:09 - 2016-03-05 04:40 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-04-27 18:59 - 2016-04-27 18:59 - 00173656 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\Drivers\catflt.sys
2016-04-27 07:21 - 2016-04-27 09:38 - 03092152 _____ C:\Users\vijay\Downloads\OneDriveSetup.exe.egrliiq.partial
2016-04-25 00:35 - 2016-04-25 00:35 - 00221824 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-04-25 00:35 - 2016-04-25 00:35 - 00129152 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-04-20 17:23 - 2016-04-20 17:23 - 00028968 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\Drivers\kbfltr.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-19 21:05 - 2015-10-29 18:15 - 00000000 ____D C:\Users\vijay\AppData\Roaming\BitTorrent
2016-05-19 20:59 - 2016-03-15 01:34 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-19 20:57 - 2016-03-05 04:35 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-19 20:57 - 2015-10-30 12:51 - 00000000 ____D C:\WINDOWS\INF
2016-05-19 20:55 - 2016-03-15 01:34 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-19 20:55 - 2016-03-05 04:36 - 00000000 ____D C:\Users\vijay
2016-05-19 20:55 - 2015-10-30 12:54 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-19 20:55 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-19 20:49 - 2016-03-05 04:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-19 20:49 - 2016-03-05 04:34 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-18 14:32 - 2016-03-06 21:50 - 00005206 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for vijay-PC-vijay vijay-PC
2016-05-17 20:26 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-17 20:08 - 2015-10-30 11:58 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-17 12:01 - 2016-04-15 08:17 - 00000000 __SHD C:\found.000
2016-05-17 12:01 - 2015-11-01 10:59 - 00000000 ____D C:\Users\vijay\AppData\Roaming\vlc
2016-05-17 12:00 - 2015-11-03 15:34 - 00000000 ____D C:\Users\vijay\AppData\Roaming\MusicBee
2016-05-17 11:14 - 2015-10-29 17:03 - 00003442 _____ C:\WINDOWS\System32\Tasks\Quick Heal AntiMalware Scan
2016-05-17 11:13 - 2015-10-30 12:54 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-05-17 11:13 - 2015-10-30 11:58 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-17 10:25 - 2015-12-15 15:58 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-16 16:22 - 2016-04-14 18:54 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-14 22:58 - 2015-10-30 12:41 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 14:25 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 10:03 - 2015-11-29 16:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-05-13 10:00 - 2016-03-15 01:46 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 10:00 - 2016-03-15 01:46 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 19:09 - 2015-11-29 22:33 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 05:34 - 2016-03-05 19:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-12 01:27 - 2015-10-30 12:56 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-12 01:27 - 2015-10-30 12:56 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 20:56 - 2015-10-30 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 20:56 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 20:56 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 20:56 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 20:56 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 17:26 - 2015-10-30 12:54 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 17:23 - 2015-11-09 17:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 17:17 - 2015-11-09 17:31 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 13:54 - 2016-03-15 01:34 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 13:54 - 2016-03-15 01:34 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-06 16:43 - 2015-10-30 12:47 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-05-06 16:43 - 2015-10-30 12:47 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-05-06 16:43 - 2015-10-30 12:47 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-05-06 16:43 - 2015-10-30 12:47 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-05-06 16:43 - 2015-10-30 12:47 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-05-03 16:41 - 2016-03-05 19:19 - 00000000 ____D C:\Users\vijay\AppData\Local\Packages
2016-04-29 13:07 - 2016-03-05 19:22 - 00002367 _____ C:\Users\vijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-29 13:07 - 2016-03-05 19:22 - 00000000 ___RD C:\Users\vijay\OneDrive
2016-04-28 20:42 - 2015-11-11 16:55 - 00001828 _____ C:\Users\vijay\Desktop\hackers list.txt
2016-04-28 08:14 - 2016-01-30 22:35 - 00000000 ____D C:\Users\vijay\AppData\Local\ElevatedDiagnostics
2016-04-22 13:27 - 2010-11-21 08:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2016-03-05 04:34 - 2016-03-05 04:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\vijay\AppData\Local\Temp\libeay32.dll
C:\Users\vijay\AppData\Local\Temp\msvcr120.dll
C:\Users\vijay\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-14 21:31
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-05-2016
Ran by vijay (2016-05-19 21:06:28)
Running from C:\Users\vijay\Desktop
Windows 10 Pro Version 1511 (X64) (2016-03-05 13:48:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3995623376-2330443085-2327478385-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3995623376-2330443085-2327478385-503 - Limited - Disabled)
Guest (S-1-5-21-3995623376-2330443085-2327478385-501 - Limited - Disabled)
vijay (S-1-5-21-3995623376-2330443085-2327478385-1000 - Administrator - Enabled) => C:\Users\vijay
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Quick Heal Total Security (Disabled - Up to date) {60EE5BF4-3309-ABA7-3A00-C88B68B340E6}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Quick Heal Total Security (Disabled - Up to date) {DB8FBA10-1533-A429-00B0-F3F913340A5B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Disabled) {58D5DAD1-7966-AAFF-115F-61BE9660079D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
BitTorrent (HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\...\BitTorrent) (Version: 7.9.6.42095 - BitTorrent Inc.)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike 1.6 LH 2013 version 4.0 (HKLM-x32\...\{74DA1BDB-6A68-4BA2-9AF2-E0B00D21F8C0}_is1) (Version: 4.0 - LongHorn)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free MP4 Video Converter (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.72.1224 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
Half-Life Dedicated Server (HKLM-x32\...\Steam App 90) (Version:  - )
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Overlord (HKLM-x32\...\{259A8A5E-2886-4BED-9EF1-D5485282CCC3}) (Version: 1.00.0606 - Codemasters)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Quick Heal Total Security (HKLM\...\Quick Heal Total Security) (Version: 17.00 - Quick Heal Technologies Ltd.)
Quick Heal Total Security (Version: 17.00 - Quick Heal) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TATA DOCOMO 3G (HKLM-x32\...\TATA DOCOMO 3G) (Version: 21.005.15.03.793 - Huawei Technologies Co.,Ltd)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\vijay\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0273315E-0B38-4013-8133-5AF265CDEB67} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0DFB170C-0BC8-4EAB-9919-C340B21A226A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {16758880-D12C-4BB6-AA2B-6A37E74C8783} - System32\Tasks\Resume Quickup Download => E:\antivirus\ACAPPAA.EXE [2015-12-09] (Quick Heal Technologies Ltd.)
Task: {25CAA30E-8E14-4A32-A753-20CC85668DC8} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {2736CCEA-9B1A-4CE0-859A-14C488949FBB} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {2BBF4157-D25A-4F99-92FA-E14F9E709B81} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2CD1F619-4F09-46F4-9B9C-719057902B50} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {36BFB906-8A8D-4274-AD9E-2C6FEBFC0123} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3757B41D-2D26-458B-ABDA-7E7185659100} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-28] (ASUSTek Computer Inc.)
Task: {378A0311-F248-4562-A557-F1FB585CA4CB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {39AA7F08-D6F1-426D-B74D-8B9A13FD1776} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3C0D7C54-2DEA-4CA2-BA68-7D196C9A0267} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {46161789-F7EC-4456-8139-F8868903AF7F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {471B6543-F912-4980-8218-529FD1BECE42} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4809F177-5A07-4649-9165-011FC42EDA3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {5B403CA5-CC0B-486B-8380-61D0E7B66357} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {61044487-682E-4AD9-8CCD-227FFAAABEB7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {6445E276-2BAC-4EFB-BA07-DAEE24F275DB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {64731AEC-8335-4F2B-AB36-F201D73B5FFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {6A360851-315E-4F0C-B878-7CE6C674C985} - System32\Tasks\Microsoft Office 15 Sync Maintenance for vijay-PC-vijay vijay-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {6DFA20A5-8A97-433A-BDAF-652BFC8A6EC8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6F65B7D6-8878-45C1-8F15-8DF84372A6EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {72B4D4D4-A5B2-417B-99F0-A667D2DE7C92} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {72FC62EA-DB86-4AEB-9D58-378A8CAAE6FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {756C5D3B-DF7E-4A98-A847-E0F83C5F051B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7662F09A-498B-4EEC-A46D-ABE22F455FF1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {7B952AAF-9048-4D2C-9B04-CB7BB5DE4C7E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {82FB94AC-8F34-454B-B321-534AFEE0F2F0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8889A43F-6BC4-40EF-9F75-03AB6DC75655} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {92A18CE6-BC39-4724-9AFF-0DF20E409EB4} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9D3D06A3-5A2C-4D52-A438-03C73B836805} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A6F50394-21CA-4518-A7F1-DEE70F8F84E4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {A73C7979-8D9A-44D4-AAD1-2462619FDB78} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {A78D2846-0A12-4484-9BFB-5B1212B60F67} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {A7C8CADD-F4C2-483E-911C-B3CDFD606DA0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B6932418-D68B-4CEA-946C-608E4155BE80} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B721E1D9-AF8B-42C6-B5B5-1C0DFEC1738B} - System32\Tasks\Quick Heal AntiMalware Scan => E:\antivirus\ASMAIN.EXE [2016-02-04] (Quick Heal Technologies Ltd.)
Task: {C3B98A4E-4C22-4F17-A105-504F14F10615} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C4AAEA35-6912-47A6-B37C-9BE874010C33} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {D8F0AA82-4879-4D42-BB22-21F83917FD78} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {DA243B7D-6957-4442-B748-494DB01D72AC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E06D1950-3365-463F-A55D-2A169C22F858} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F104A5E9-33C8-471D-A3A4-0E6198AE5469} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {F12BD056-8957-439E-A943-CB596E03C0DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F2715726-284E-45BE-B308-5B563686B14E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FE87B9CC-1C57-479E-AE88-4A94FBC3BF94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {FFB8102E-27AE-45FF-BF0A-4B52D0C24CFC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Quick Heal AntiMalware Scan.job => E:\antivirus\ASMAIN.EXE
Task: C:\WINDOWS\Tasks\Resume Quickup Download.job => E:\antivirus\ACAPPAA.EXE
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 12:48 - 2015-10-30 12:48 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-05 04:33 - 2015-08-07 05:54 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-08 20:18 - 2016-02-08 20:18 - 00137880 _____ () E:\antivirus\bssiss.exe
2014-08-26 16:02 - 2014-08-26 16:02 - 00069632 _____ () E:\antivirus\scanapi.dll
2016-04-29 14:31 - 2016-05-17 12:07 - 00994304 _____ () E:\antivirus\scansdk.dll
2016-04-29 10:49 - 2016-05-17 12:07 - 00429056 _____ () E:\antivirus\platform.dll
2016-03-01 18:05 - 2016-03-01 18:05 - 00034816 _____ () E:\antivirus\FILESDK.DLL
2012-03-02 14:02 - 2012-03-02 14:02 - 00012800 _____ () E:\antivirus\DRVCOMM.DLL
2015-08-17 23:36 - 2015-08-17 23:36 - 00037888 _____ () E:\antivirus\MBFSWRAP.DLL
2015-08-17 23:36 - 2015-08-17 23:36 - 00235008 _____ () E:\antivirus\DISASM.DLL
2016-01-30 15:25 - 2016-05-17 12:07 - 00133632 _____ () E:\antivirus\dataproc.dll
2016-04-29 10:49 - 2016-05-17 12:07 - 00227328 _____ () E:\antivirus\scan.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00007680 _____ () E:\antivirus\VIRLIST.DLL
2015-08-17 23:36 - 2015-08-17 23:36 - 00274944 _____ () E:\antivirus\BOOT.DLL
2016-04-06 17:42 - 2016-04-06 17:42 - 00351744 _____ () E:\antivirus\MLTISCAN.DLL
2016-04-29 10:49 - 2016-05-17 12:07 - 00715776 _____ () E:\antivirus\pescan.dll
2016-04-25 09:46 - 2016-05-17 12:07 - 00269824 _____ () E:\antivirus\pepoly1.dll
2016-04-25 21:27 - 2016-05-17 12:07 - 01029120 _____ () E:\antivirus\lzesdk.dll
2016-04-28 17:29 - 2016-05-17 12:07 - 03946496 _____ () E:\antivirus\pepoly.dll
2016-04-21 09:12 - 2016-05-17 12:07 - 00479744 _____ () E:\antivirus\arcvsdk.dll
2016-03-15 22:54 - 2016-05-17 12:07 - 00017920 _____ () E:\antivirus\pepoly2.dll
2016-04-29 22:20 - 2016-05-17 12:07 - 00326656 _____ () E:\antivirus\heurscn1.dll
2016-04-29 22:20 - 2016-05-17 12:07 - 05011968 _____ () E:\antivirus\heurscan.dll
2016-03-15 22:54 - 2016-05-17 12:07 - 05654528 _____ () E:\antivirus\heurscn2.dll
2016-04-19 08:37 - 2016-05-17 12:07 - 00321536 _____ () E:\antivirus\dospoly.dll
2016-03-30 22:58 - 2016-05-17 12:07 - 00291840 _____ () E:\antivirus\vbsscan.dll
2016-04-29 10:49 - 2016-05-17 12:07 - 01588736 _____ () E:\antivirus\miscscan.dll
2016-04-16 10:54 - 2016-05-17 12:07 - 00191488 _____ () E:\antivirus\olesdk.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00008192 _____ () E:\antivirus\ARJSDK.DLL
2015-08-17 23:36 - 2015-08-17 23:36 - 00025088 _____ () E:\antivirus\UNARJ32.DLL
2016-04-29 11:34 - 2016-05-17 12:07 - 00050176 _____ () E:\antivirus\entescan.dll
2016-05-17 12:10 - 2016-04-29 22:24 - 00123904 ____N () C:\Program Files\Common Files\Quick Heal\Quick Heal Total Security\engine\engine2\eecore.dll
2015-10-20 13:03 - 2015-10-20 13:03 - 00069120 _____ () E:\antivirus\APPCSCAN.DLL
2016-04-26 20:34 - 2016-04-26 20:34 - 00033944 _____ () E:\antivirus\bdsres.dll
2011-03-14 20:57 - 2011-03-14 20:57 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-08-26 16:02 - 2014-08-26 16:02 - 00069632 _____ () E:\antivirus\SCANAPI.DLL
2015-12-25 02:55 - 2015-12-09 07:22 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-11-16 18:12 - 2016-02-19 20:53 - 00240640 _____ () C:\ProgramData\TATA DOCOMO 3G\OnlineUpdate\ouc.exe
2016-04-13 16:42 - 2016-03-29 15:50 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2009-03-30 12:02 - 2009-03-30 12:02 - 00032768 ____R () C:\Windows\DAODx.exe
2016-04-13 16:42 - 2016-03-29 15:50 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-29 13:07 - 2016-04-29 13:07 - 00959176 _____ () C:\Users\vijay\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-31 10:33 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2016-03-05 17:56 - 2016-03-05 17:56 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 17:09 - 2016-04-23 09:55 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 17:11 - 2016-04-23 09:32 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 17:11 - 2016-04-23 09:28 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 17:11 - 2016-04-23 09:28 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 17:11 - 2016-04-23 09:31 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 14:30 - 2016-04-19 14:30 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-11-16 18:12 - 2015-11-16 18:11 - 00011362 _____ () C:\ProgramData\TATA DOCOMO 3G\OnlineUpdate\mingwm10.dll
2015-11-16 18:12 - 2015-11-16 18:11 - 00043008 _____ () C:\ProgramData\TATA DOCOMO 3G\OnlineUpdate\libgcc_s_dw2-1.dll
2015-11-16 18:12 - 2015-11-16 18:11 - 02415104 _____ () C:\ProgramData\TATA DOCOMO 3G\OnlineUpdate\QtCore4.dll
2015-11-16 18:12 - 2015-11-16 18:11 - 01148416 _____ () C:\ProgramData\TATA DOCOMO 3G\OnlineUpdate\QtNetwork4.dll
2015-11-16 18:12 - 2015-11-16 18:11 - 00384512 _____ () C:\ProgramData\TATA DOCOMO 3G\OnlineUpdate\QueryStrategy.dll
2015-11-16 18:12 - 2015-11-16 18:11 - 00398336 _____ () C:\ProgramData\TATA DOCOMO 3G\OnlineUpdate\QtXml4.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-11-08 16:22 - 2015-12-09 07:23 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-17 10:42 - 2016-04-30 01:40 - 00785920 _____ () D:\steam\SDL2.dll
2016-05-17 10:42 - 2015-07-03 21:42 - 04962816 _____ () D:\steam\v8.dll
2016-05-17 10:42 - 2016-04-30 05:40 - 02549840 _____ () D:\steam\video.dll
2016-05-17 10:42 - 2015-07-03 21:42 - 01556992 _____ () D:\steam\icui18n.dll
2016-05-17 10:42 - 2015-07-03 21:42 - 01187840 _____ () D:\steam\icuuc.dll
2016-05-17 10:42 - 2016-02-09 04:44 - 02549760 _____ () D:\steam\libavcodec-56.dll
2016-05-17 10:42 - 2016-02-09 04:44 - 00491008 _____ () D:\steam\libavformat-56.dll
2016-05-17 10:42 - 2016-02-09 04:44 - 00332800 _____ () D:\steam\libavresample-2.dll
2016-05-17 10:42 - 2016-02-09 04:44 - 00442880 _____ () D:\steam\libavutil-54.dll
2016-05-17 10:42 - 2016-02-09 04:44 - 00485888 _____ () D:\steam\libswscale-3.dll
2016-05-17 10:42 - 2016-04-30 05:40 - 00829008 _____ () D:\steam\bin\chromehtml.DLL
2016-05-17 10:42 - 2016-02-18 03:55 - 00281088 _____ () D:\steam\openvr_api.dll
2016-04-29 13:07 - 2016-04-29 13:07 - 00679624 _____ () C:\Users\vijay\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2016-05-17 10:42 - 2016-04-28 06:30 - 49825056 _____ () D:\steam\bin\libcef.dll
2016-05-17 10:42 - 2015-09-25 05:26 - 00119208 _____ () D:\steam\winh264.dll
2016-05-13 10:00 - 2016-05-11 17:18 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 10:00 - 2016-05-11 17:18 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-04-19 14:30 - 2016-04-19 14:30 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 14:30 - 2016-04-19 14:31 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\vijay\Desktop\INTERNSHIP PROJECT.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Downloads\%2Fvar%2Ftmp%2Fpdf%2Fpdf_362444566_2015-11-24%2Ffb7ee741eb06ce46dd194f6694376b07.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Downloads\abstarct and content.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Downloads\ABSTRACT.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Downloads\go karrrrrrrrrrrrrrt.pptx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Downloads\H MT NOTES V SMAWY.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Downloads\LAPTOP STAND-MINI PROJECT FINAL REPORT FULL-2.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Downloads\Management and Entrepreneurship.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Downloads\mini project format(1).docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Downloads\mini project format.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Downloads\Posterolateralcornerinjuries.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Documents\EMC09_Kyoto_tmplate.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Documents\Game On.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Documents\IEEE Rules for Paper Presentation.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Documents\New Text Document (2).txt:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Documents\resume.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Documents\rulebook.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Documents\SUHAS G                     8088796309.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\vijay\Documents\vgv.doc:SandBoxSafeFile [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\...\amazon.com -> hxxps://amazon.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2016-05-18 14:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\vijay\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Steam => "E:\steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{B4BFE718-8D7E-4248-B7D7-114EF679352A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D90EA935-BFCC-459B-8585-88F7A7496F27}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{1F676298-87BA-4112-BE43-A589DD9BF301}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{B2D29339-E270-4B86-8293-59D8241E5C8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{ADDE21C4-ACD9-4CD1-8777-53C52BEFCC47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D4C9819D-838D-45ED-A860-F2020CB504CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{06C3D269-9A4C-4F24-BEBA-8799B0347BB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hlds.exe
FirewallRules: [{06B98905-DA44-4BFB-8B1C-0B1662506ECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hlds.exe
FirewallRules: [{F96E7D5A-D5FD-422F-AF06-60F03F4FCC22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6ED36451-96BB-496E-BCE5-6247B51F76DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{80D672FD-2B6F-46E6-87E6-0A449DEBD490}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{7048CAB0-1D20-43D8-9891-E28EC503BCC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{2340E734-F45B-4E6E-8764-06DBA6CB90E1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9B0411A1-82C9-44A6-8A4A-D0C1FF2ABBE7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6A49DB23-BE1E-4B2A-AA1A-AFCD31DAB94D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8BFE3CEB-082C-4769-83F7-CDDCE1323B9F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A26ADC62-4E63-4909-B563-0BC1166B444A}] => (Allow) E:\steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{CE815B7B-25E2-4F71-9B1D-D8AF0E5ADD7C}] => (Allow) E:\steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{07F550CC-00D7-4D51-92F8-576C9290F0AE}] => (Allow) E:\steam\bin\steamwebhelper.exe
FirewallRules: [{A4BB6C4E-2437-4817-B6CE-44B22B474F17}] => (Allow) E:\steam\bin\steamwebhelper.exe
FirewallRules: [{5E885D9C-7798-4376-B7E3-CD0582D75BD0}] => (Allow) E:\steam\Steam.exe
FirewallRules: [{D6B2D2F6-8EDE-408F-B363-F299C5F1752B}] => (Allow) E:\steam\Steam.exe
FirewallRules: [{3599AF0C-8BA1-4968-8E28-87D83968BFF6}] => (Allow) LPort=8317
FirewallRules: [{DFE64B0A-1104-4DA9-99AD-2159DB815D6E}] => (Allow) LPort=8317
FirewallRules: [{EC05B05B-79FD-4610-9844-251A2950326D}] => (Allow) LPort=8317
FirewallRules: [{24F2D9D4-6FAA-4012-B045-4F54C68C1F09}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{28ADE72B-99F2-4760-BF95-E61743907AAA}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{3333BCD2-7942-4994-9BAA-F0B8C5131ABF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CEF4DB8E-F3AE-4305-A3C0-87CE577E4B5B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3DAD7E2F-B420-4557-AA54-7BC55C542DD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{295E04E3-5EEA-41C1-BC78-AF44EBD43FD7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{07A8F41D-FE26-4CF7-B237-CAA8E816197B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F610035B-8C0A-4BF5-9B82-BF8EB132B5A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E1DC1FC7-E58F-4D9C-91B3-2EB76975BD3A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7D61D851-164E-4609-80EE-AD2D246040E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3D7A4D9E-E977-462F-B06B-CEF036A045C9}] => (Allow) G:\pics\revLoader.exe
FirewallRules: [{007E1C58-B2C2-4296-AABD-E9939A559124}] => (Allow) G:\pics\revLoader.exe
FirewallRules: [{B05358C0-CBA9-44DA-9DEE-C57A49CE4493}] => (Allow) G:\pics\revLoader.exe
FirewallRules: [{C29963C5-1675-4F96-8BC4-E4485CF09545}] => (Allow) G:\pics\revLoader.exe
FirewallRules: [{0AA44E49-9A7E-4E60-A45E-201A0B6ADE26}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{1EDDE363-A7E7-4DE1-87CC-7A64FCA92D29}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{EF0B1402-4C00-45FF-B332-C4FDC24DA6AB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F830B854-A037-422D-BD5C-5A72F5FE84CC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FFB90870-A8D7-4B25-AAC7-282D29D9DF9B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3ED14345-FFC4-4F89-8A10-ABB54122F557}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4C92EC60-45F0-42AB-812B-215769C323F2}] => (Allow) G:\cs\hlds.exe
FirewallRules: [{4FA07B42-8B1F-4E20-A8B8-E78640C21C39}] => (Allow) G:\cs\hlds.exe
FirewallRules: [{4B4E07C0-7A1D-4100-B0CD-F9D82AD40B72}] => (Allow) G:\cs\hlds.exe
FirewallRules: [{09C15A03-87A1-4D0F-A7A8-7DF258FCD958}] => (Allow) G:\cs\hlds.exe
FirewallRules: [{D483718F-AD3F-44C1-9417-3C5FE74E80A7}] => (Allow) C:\Users\vijay\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B81A5EA0-4C7C-4FC8-BB70-3662D90E9163}] => (Allow) C:\Users\vijay\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7E025C5F-CC34-410F-8962-1F02518C77A6}] => (Allow) C:\Users\vijay\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5F6CB53E-A972-47F9-A315-0A90670F7CBD}] => (Allow) C:\Users\vijay\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6931A6FB-7379-4EC9-B2F4-C6537D65F000}] => (Allow) C:\Users\vijay\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4433AA18-EA29-42A9-B28F-C65D653C9604}] => (Allow) C:\Users\vijay\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DF4C5BD9-744F-4AD4-90D8-90C88F48A1C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CBE5B9D9-53EF-49BA-A6D2-60D0BA65C8E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AE24281E-F5B5-4337-B37B-E99DFF340867}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{655879FD-4178-42FD-8028-97C4A954EC90}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{29E6965E-8D81-4E62-9A8F-78BA81F4F5D3}E:\cs lh\counter-strike 1.6 lh 2013\hl.exe] => (Block) E:\cs lh\counter-strike 1.6 lh 2013\hl.exe
FirewallRules: [UDP Query User{63C3AC30-CFB6-4D96-9561-C0D74E4DE13D}E:\cs lh\counter-strike 1.6 lh 2013\hl.exe] => (Block) E:\cs lh\counter-strike 1.6 lh 2013\hl.exe
FirewallRules: [TCP Query User{3125A576-08B9-45F7-B8F8-ECCEE1D05CAE}G:\cs nvdia\counter strike nvidia\hl.exe] => (Block) G:\cs nvdia\counter strike nvidia\hl.exe
FirewallRules: [UDP Query User{9FE843DF-25EB-4295-B18F-0930EFFF94FC}G:\cs nvdia\counter strike nvidia\hl.exe] => (Block) G:\cs nvdia\counter strike nvidia\hl.exe
FirewallRules: [TCP Query User{8196F562-B5F3-4BEE-9ED5-78E0497A0A9A}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{05B4D0E2-CB7F-4BDF-B564-07C94BBDD94A}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [TCP Query User{01E56984-2365-496E-96FD-F3F400AE5D64}H:\games\motogp urt 3\motogp.exe] => (Allow) H:\games\motogp urt 3\motogp.exe
FirewallRules: [UDP Query User{F19A28F6-1F50-4BCE-9391-440477932207}H:\games\motogp urt 3\motogp.exe] => (Allow) H:\games\motogp urt 3\motogp.exe
FirewallRules: [{E5B06B4D-17D8-4661-8977-B6DC21631590}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C67362F7-B0D0-4AF8-B152-090F738DC34B}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{BD9DCCDB-FACB-443A-AD77-62930F7D4BDB}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{D1A88BEE-555D-4975-ABAD-7E435F54B4C4}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{C82C2E6D-4722-4987-8727-CB8E80E5528C}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{ACFD3291-361A-455A-8E0F-3216E8EBE87B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C5932558-A1D3-4722-A4BC-92C1DE650ECD}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/19/2016 08:59:52 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (05/18/2016 02:09:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (05/17/2016 08:25:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (05/17/2016 08:05:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_5.117.exe, version: 5.1.1.7, time stamp: 0x5738a2c1
Faulting module name: adwcleaner_5.117.exe, version: 5.1.1.7, time stamp: 0x5738a2c1
Exception code: 0xc0000005
Fault offset: 0x000211de
Faulting process id: 0x2970
Faulting application start time: 0xadwcleaner_5.117.exe0
Faulting application path: adwcleaner_5.117.exe1
Faulting module path: adwcleaner_5.117.exe2
Report Id: adwcleaner_5.117.exe3
Faulting package full name: adwcleaner_5.117.exe4
Faulting package-relative application ID: adwcleaner_5.117.exe5
 
Error: (05/17/2016 07:17:55 PM) (Source: ESENT) (EventID: 482) (User: )
Description: SearchIndexer (5464) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after SearchIndexer0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (05/17/2016 07:17:55 PM) (Source: ESENT) (EventID: 482) (User: )
Description: SearchIndexer (5464) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after SearchIndexer0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (05/17/2016 07:17:55 PM) (Source: ESENT) (EventID: 482) (User: )
Description: SearchIndexer (5464) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after SearchIndexer0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (05/17/2016 07:17:55 PM) (Source: ESENT) (EventID: 482) (User: )
Description: SearchIndexer (5464) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after SearchIndexer0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (05/17/2016 07:17:55 PM) (Source: ESENT) (EventID: 482) (User: )
Description: SearchIndexer (5464) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after SearchIndexer0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (05/17/2016 07:17:55 PM) (Source: ESENT) (EventID: 482) (User: )
Description: SearchIndexer (5464) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbres00002.jrs" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after SearchIndexer0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
 
System errors:
=============
Error: (05/19/2016 08:51:26 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: 
%%1056
 
Error: (05/19/2016 08:50:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/19/2016 08:50:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/19/2016 08:50:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Smart Card Device Enumeration Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/19/2016 08:50:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Human Interface Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/19/2016 08:50:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Offline Files service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/19/2016 08:50:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/19/2016 08:50:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Security Center service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/19/2016 08:50:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Connection Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/19/2016 08:50:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Passport Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8350 Eight-Core Processor 
Percentage of memory in use: 37%
Total physical RAM: 8093.36 MB
Available physical RAM: 5024.14 MB
Total Virtual: 16285.36 MB
Available Virtual: 12902.15 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:251.59 GB) (Free:60.54 GB) NTFS
Drive d: (SOFTWARES) (Fixed) (Total:634.76 GB) (Free:353.96 GB) NTFS
Drive e: () (Fixed) (Total:506.44 GB) (Free:169.99 GB) NTFS
Drive f: (QHTS) (CDROM) (Total:0.48 GB) (Free:0 GB) CDFS
Drive g: (New Volume) (Fixed) (Total:470.12 GB) (Free:324.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 97695AC7)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=251.6 GB) - (Type=42)
Partition 4: (Not Active) - (Size=1611.3 GB) - (Type=42)
 
==================== End of Addition.txt ============================
 
 
thank you


#6 satchfan


Posted 19 May 2016 - 04:31 PM

You have, or have had, illegal software on your system which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

This forum, as well as all the other well-respected malware removal forums, does not condone the use of illegal software. If you disregard this warning and become re-infected, we may not assist you the next time.

Please uninstall all the illegal software that you have downloaded and installed. When you have done this, run the following program and post a new log.

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Satchfan

 

 




#7 amannoying


Posted 19 May 2016 - 09:31 PM

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.NRNAIZ
 ----- EOF ----- 
 
Thank you for the help.
Appreciate it.

 

You have, or have had, illegal software on your system which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

This forum, as well as all the other well-respected malware removal forums, does not condone the use of illegal software. If you disregard this warning and become re-infected, we may not assist you the next time.


 

 

 

I'm not currently using any illegal software. If I have it in my system, I'll do my best to remove those files.

 

regards



#8 satchfan


Posted 20 May 2016 - 06:18 AM

There was confirmation that you have at least one illegal file on your computer which is a Microsoft Windows/Microsoft Office license activation tool.

I’ll remove it in the “fix” instructions.

===================================================

P2P - I see you have P2P software (BitTorrent) installed on your machine. Although BitTorrent itself is a legitimate program, it is usually seen here in conjunction with other programs used for P2P file-sharing.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Quick Heal Total Security

I notice that this is disabled and Windows Defender is enabled. If you no longer want to use Quick Heal Total Security I suggest you uninstall it as having two antiviruses installed is not a good idea.

To do this:

  • right-click the Start button and click Control Panel
  • go to “Programs and Features” - (if your Control Panel is in “Category” view, go to “Uninstall a Program”)
  • locate the program you want to uninstall, click it to select it, and then click Uninstall.

===================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
SearchScopes: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.co.in/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUM_enIN669
SearchScopes: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_fefd116b_1201_1403_20160409_IN_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
Toolbar: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: No Name - C:\Users\vijay\AppData\Roaming\Mozilla\Firefox\Profiles\8x57h8qy.default-1448027489776\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [not found]
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]
U3 idsvc; no ImagePath
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
U3 wpcsvc; no ImagePath
Task: {0273315E-0B38-4013-8133-5AF265CDEB67} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0DFB170C-0BC8-4EAB-9919-C340B21A226A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2BBF4157-D25A-4F99-92FA-E14F9E709B81} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {39AA7F08-D6F1-426D-B74D-8B9A13FD1776} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6F65B7D6-8878-45C1-8F15-8DF84372A6EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {72B4D4D4-A5B2-417B-99F0-A667D2DE7C92} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {72FC62EA-DB86-4AEB-9D58-378A8CAAE6FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {82FB94AC-8F34-454B-B321-534AFEE0F2F0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9D3D06A3-5A2C-4D52-A438-03C73B836805} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C3B98A4E-4C22-4F17-A105-504F14F10615} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F12BD056-8957-439E-A943-CB596E03C0DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F2715726-284E-45BE-B308-5B563686B14E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FFB8102E-27AE-45FF-BF0A-4B52D0C24CFC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
FirewallRules: [{B4BFE718-8D7E-4248-B7D7-114EF679352A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D90EA935-BFCC-459B-8585-88F7A7496F27}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{24F2D9D4-6FAA-4012-B045-4F54C68C1F09}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{28ADE72B-99F2-4760-BF95-E61743907AAA}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0AA44E49-9A7E-4E60-A45E-201A0B6ADE26}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{1EDDE363-A7E7-4DE1-87CC-7A64FCA92D29}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{AE24281E-F5B5-4337-B37B-E99DFF340867}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{655879FD-4178-42FD-8028-97C4A954EC90}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico\AutoPico.exe
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

===================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes.
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the “History” tab, then “Application Logs”
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

Logs to include with the next post:

Fixlog.txt
Mbam.txt


Can you tell me if there are any outstanding problems?

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 amannoying

amannoying
  • Topic Starter

  • Members
  • 6 posts

Posted 22 May 2016 - 02:53 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:18-05-2016
Ran by vijay (2016-05-21 07:21:37) Run:1
Running from C:\Users\vijay\Desktop
Loaded Profiles: vijay (Available Profiles: vijay & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.co.in/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUM_enIN669
SearchScopes: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_fefd116b_1201_1403_20160409_IN_ie_ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
Toolbar: HKU\S-1-5-21-3995623376-2330443085-2327478385-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: No Name - C:\Users\vijay\AppData\Roaming\Mozilla\Firefox\Profiles\8x57h8qy.default-1448027489776\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [not found]
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]
U3 idsvc; no ImagePath
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
U3 wpcsvc; no ImagePath
Task: {0273315E-0B38-4013-8133-5AF265CDEB67} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0DFB170C-0BC8-4EAB-9919-C340B21A226A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2BBF4157-D25A-4F99-92FA-E14F9E709B81} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {39AA7F08-D6F1-426D-B74D-8B9A13FD1776} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6F65B7D6-8878-45C1-8F15-8DF84372A6EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {72B4D4D4-A5B2-417B-99F0-A667D2DE7C92} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {72FC62EA-DB86-4AEB-9D58-378A8CAAE6FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {82FB94AC-8F34-454B-B321-534AFEE0F2F0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9D3D06A3-5A2C-4D52-A438-03C73B836805} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C3B98A4E-4C22-4F17-A105-504F14F10615} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F12BD056-8957-439E-A943-CB596E03C0DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F2715726-284E-45BE-B308-5B563686B14E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FFB8102E-27AE-45FF-BF0A-4B52D0C24CFC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
FirewallRules: [{B4BFE718-8D7E-4248-B7D7-114EF679352A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D90EA935-BFCC-459B-8585-88F7A7496F27}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{24F2D9D4-6FAA-4012-B045-4F54C68C1F09}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{28ADE72B-99F2-4760-BF95-E61743907AAA}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0AA44E49-9A7E-4E60-A45E-201A0B6ADE26}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{1EDDE363-A7E7-4DE1-87CC-7A64FCA92D29}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{AE24281E-F5B5-4337-B37B-E99DFF340867}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{655879FD-4178-42FD-8028-97C4A954EC90}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico\AutoPico.exe
EmptyTemp:
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
"HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}" => key removed successfully
HKCR\CLSID\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => key not found. 
HKU\S-1-5-21-3995623376-2330443085-2327478385-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
C:\Users\vijay\AppData\Roaming\Mozilla\Firefox\Profiles\8x57h8qy.default-1448027489776\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} => path removed successfully
DigitalWave.Update.Service => service removed successfully
idsvc => service removed successfully
WinDivert1.1 => service removed successfully
wpcsvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0273315E-0B38-4013-8133-5AF265CDEB67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0273315E-0B38-4013-8133-5AF265CDEB67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DFB170C-0BC8-4EAB-9919-C340B21A226A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DFB170C-0BC8-4EAB-9919-C340B21A226A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BBF4157-D25A-4F99-92FA-E14F9E709B81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BBF4157-D25A-4F99-92FA-E14F9E709B81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39AA7F08-D6F1-426D-B74D-8B9A13FD1776}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39AA7F08-D6F1-426D-B74D-8B9A13FD1776}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F65B7D6-8878-45C1-8F15-8DF84372A6EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F65B7D6-8878-45C1-8F15-8DF84372A6EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72B4D4D4-A5B2-417B-99F0-A667D2DE7C92}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72B4D4D4-A5B2-417B-99F0-A667D2DE7C92}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72FC62EA-DB86-4AEB-9D58-378A8CAAE6FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72FC62EA-DB86-4AEB-9D58-378A8CAAE6FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82FB94AC-8F34-454B-B321-534AFEE0F2F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82FB94AC-8F34-454B-B321-534AFEE0F2F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D3D06A3-5A2C-4D52-A438-03C73B836805}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D3D06A3-5A2C-4D52-A438-03C73B836805}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3B98A4E-4C22-4F17-A105-504F14F10615}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3B98A4E-4C22-4F17-A105-504F14F10615}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F12BD056-8957-439E-A943-CB596E03C0DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F12BD056-8957-439E-A943-CB596E03C0DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2715726-284E-45BE-B308-5B563686B14E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2715726-284E-45BE-B308-5B563686B14E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFB8102E-27AE-45FF-BF0A-4B52D0C24CFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFB8102E-27AE-45FF-BF0A-4B52D0C24CFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4BFE718-8D7E-4248-B7D7-114EF679352A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D90EA935-BFCC-459B-8585-88F7A7496F27} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24F2D9D4-6FAA-4012-B045-4F54C68C1F09} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28ADE72B-99F2-4760-BF95-E61743907AAA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AA44E49-9A7E-4E60-A45E-201A0B6ADE26} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EDDE363-A7E7-4DE1-87CC-7A64FCA92D29} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE24281E-F5B5-4337-B37B-E99DFF340867} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{655879FD-4178-42FD-8028-97C4A954EC90} => value removed successfully
"C:\Program Files\KMSpico\AutoPico.exe" => not found.
EmptyTemp: => 512.1 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 07:22:57 ====
 
 
 
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/18/2016
Scan Time: 2:32 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 0.0.0.0000
Malware Database: v2016.05.18.03
Rootkit Database: v2016.05.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: vijay
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341640
Time Elapsed: 10 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
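
A way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread and is not FRST's own code. It skips the fixlist echo between the rows of asterisks (its FirewallRules lines also contain " => ") and sorts each result line into removed, not found, or needing a manual look; the function names are hypothetical, and the sample is built from lines in this Fixlog plus one made-up line.

```python
import re
from collections import Counter

# Constructed excerpt: line shapes copied from the Fixlog in this thread,
# plus one made-up line (marked) to exercise the "review" path.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
CloseProcesses:
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
FirewallRules: [{B4BFE718-8D7E-4248-B7D7-114EF679352A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
C:\Program Files\KMSpico\AutoPico.exe
EmptyTemp:
*****************

Processes closed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
WinDivert1.1 => service removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4BFE718-8D7E-4248-B7D7-114EF679352A} => value removed successfully
"C:\Program Files\KMSpico\AutoPico.exe" => not found.
EmptyTemp: => 512.1 MB temporary data Removed.
C:\Example\placeholder.dat => unrecognised result text (constructed line)

==== End of Fixlog 07:22:57 ====
'''

FENCE = re.compile(r'^\*{5,}$')  # the asterisk rows around the fixlist echo


def classify(outcome):
    """Map the text after ' => ' to a coarse outcome."""
    text = outcome.lower()
    if "not found" in text:      # check first: "key not found." is not a removal
        return "not_found"
    if "removed" in text:
        return "removed"
    return "review"              # anything unrecognised gets a manual look


def parse_results(fixlog_text):
    """Return (target, outcome) pairs for result lines, skipping the echo."""
    results, in_echo = [], False
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if FENCE.match(line):
            in_echo = not in_echo    # toggles on the opening and closing row
            continue
        if in_echo or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        results.append((target.strip('"'), classify(outcome)))
    return results


def summarize(results):
    """Count results per outcome."""
    return Counter(outcome for _, outcome in results)


def needs_attention(results):
    """Everything that was not confirmed removed."""
    return [(t, o) for t, o in results if o != "removed"]


if __name__ == "__main__":
    parsed = parse_results(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target, outcome in needs_attention(parsed):
        print(f"{outcome:9} {target}")
```
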


#10 amannoying

amannoying
  • Topic Starter

  • Members
  • 6 posts

Posted 22 May 2016 - 02:57 AM

No, I don't have any other problem.



#11 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK

Posted 22 May 2016 - 07:02 AM

You’ve done well.

Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.


Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Run Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    o    click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:
    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology
    Note: Do not check Remove found threats
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - if ESET doesn't find any threats, no report will be created.
  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:

o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found.

If threats were found:

o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here


Thanks

Satchfan

 




#12 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK

Posted 25 May 2016 - 11:17 AM

Hi amannoying  

It has been several days since I asked you to run an Eset scan. Please let me know the result and we can then tidy up.

If I do not hear from you within 24 hours I'll assume that all is well and close this topic.

Thanks

Satchfan




#13 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Devon, UK

Posted 26 May 2016 - 02:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





